You could use ADFS (Active Directory Federation Services) for this.

This will require you to install an ADFS server inside of your network (so it can contact the AD).

The ADFS Server contains a web based STS (Security Token Service) to allow web pages to login using an AD account.

Basicly in a nutshell it will work as following:

1. Your user navigates to the external Web Application
2. The Web Application will redirect the user to the ADFS STS server.
3. ADFS STS Server will verify your credentials (either by using integrated security or a web based login box)
4. If the ADFS STS Server is happy abou the credentials it will then redirect the user back to the external Web Application with a login token as extra information. This token contains information about the user (can be configured). It is signed by the ADFS server (to ensure the information is authentic) and can optionally be encrypted.
5. The external web application extracts the token and tests the signature. If it is all correct the Web Application will grand the permissions that the user should have.

For information to set this up in an ASP.NET application you could refer to the following url:
http://blogs.msdn.com/b/alextch/archive/2011/06/27/building-a-test-claims-aware-asp-net-application-and-integrating-it-with-adfs-2-0-security-token-service-sts.aspx